KLA12006 Multiple vulnerabilities in Apple iCloud

Multiple vulnerabilities were found in Apple iCloud. Malicious users can exploit these vulnerabilities to perform cross-site scripting attack, bypass security restrictions, cause denial of service. Below is a complete list of vulnerabilities: 1. An input validation vulnerability in WebKit can be...

sqlite security update

3.26.0-11 - Fixed bug in CVE-2019-20218 1791592 3.26.0-10 - Fixed CVE-2020-13632 1845572 - Fixed CVE-2020-13631 1845474 - Fixed CVE-2020-13630 1845153 3.26.0-9 - Fixed CVE-2019-5018 1721509 3.26.0-8 - Fixed CVE-2019-16168 1826897 3.26.0-7 - Fixed CVE-2019-20218 1791592 - Fixed CVE-2020-6405 18048...

Hetty - An HTTP Toolkit For Security Research

Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community. Features Man-in-the-middle MITM HTTP/1.1 proxy with logs Project based...

EulerOS Virtualization 3.0.6.6 : sqlite (EulerOS-SA-2020-2453)

According to the versions of the sqlite packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.CVE-2020-13435 - SQLite through 3.32.0 has an...

CVE-2015-3717 affecting package sqlite 3.32.3-2

CVE-2015-3717 affecting package sqlite 3.32.3-2. A patched version of the package is available...

Denial Of Service (DoS)

sqlite is vulnerable to NULL pointer dereference. The vulnerability exists in ext/fts3/fts3snippet.c allowing a malicious attacker to cause a denial of service via a crafted matchinfo query...

Namespace Collision

sqlite is vulnerable to namespace collision vulnerability. The vulnerability is possible because sqlite allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c...

Denial Of Service (DoS)

sqlite is vulnerable to denial of service DoS.Use-after-free in fts3EvalNextRow in ext/fts3/fts3.c extension module in the way it implemented the snippet function.This flaw allows an attacker who can execute SQL statements to crash the application or potentially execute arbitrary code...

Denial Of Service(DoS)

sqlite is vulnerable to denial of service attacks. Generated column optimizations allow null pointer dereference and segmentation faults...

Out-of-bounds Read

sqlite is vulnerable to out-of-bounds read. A remote attacker can obtain sensitive information from process memory sending a crafted HTML page...

Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2020-2453)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

sqlite: Out-of-bounds read in SELECT with ON/USING clause

An out-of-bounds read vulnerability was found in the SQLite component of the Chromium browser. A remote attacker could abuse this flaw to obtain potentially sensitive information from process memory via a crafted HTML page. The highest threat from this vulnerability is to data confidentiality...

Moderate: Red Hat Security Advisory: sqlite security update

An update for sqlite is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

sqlite: Use-after-free in fts3EvalNextRow in ext/fts3/fts3.c

A use-after-free vulnerability was found in the SQLite FTS3 extension module in the way it implemented the snippet function. This flaw allows an attacker who can execute SQL statements to crash the application or potentially execute arbitrary code...

sqlite: NULL pointer dereference in ext/fts3/fts3_snippet.c via a crafted matchinfo() query

A NULL pointer dereference flaw was found in the matchinfo auxiliary function of the SQLite FTS3 extension module. This flaw allows an attacker who can execute SQL statements to crash the application, resulting in a denial of service...

sqlite: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error

selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error...

sqlite: Use-after-free in window function leading to remote code execution

An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this...

sqlite: NULL pointer dereference and segmentation fault because of generated column optimizations

A NULL pointer dereference was found in SQLite in the way it executes select statements with column optimizations. An attacker who is able to execute SQL statements can use this flaw to crash the application...

sqlite: Virtual table can be renamed into the name of one of its shadow tables

A flaw was found in the virtual table implementation of SQLite. This flaw allows an attacker who can execute SQL statements to rename a virtual table to the name of one of its shadow tables, leading to potential data corruption...

sqlite: Division by zero in whereLoopAddBtreeIndex in sqlite3.c

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlitestat1 sz field, aka a "severe division by zero in the query planner."...